
package com.hk.web.core.credentials;

import com.hk.commons.utils.SecurityUtil;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;

/**
 * 密码凭证匹配器（验证密码有效性）
 */
public class CredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        UsernamePasswordToken utoken = (UsernamePasswordToken) token;
        //获得用户输入的密码
        String inPassword = String.valueOf(utoken.getPassword());
        //获得数据库中的密码
        String dbPassword = (String) info.getCredentials();
        inPassword = SecurityUtil.getEncryptedPassword(inPassword);
        //进行密码的比对
        return this.equals(inPassword, dbPassword);
    }
}
